CVE-2026-57239
Severity CVSS v4.0:
Pending analysis
Type:
CWE-427
Uncontrolled Search Path Element
Publication date:
08/07/2026
Last modified:
09/07/2026
Description
The user-controllable executable files will be directly executed by high-privilege processes, allowing low-privilege users to have the opportunity to elevate their privileges to NT AUTHORITY\SYSTEM.
Impact
Base Score 3.x
8.20
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:* | 13.2.4.24048 (including) | |
| cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:* | 14.0.0.33046 (including) | 14.0.4.33508 (including) |
| cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:* | 2023.1.0.15510 (including) | 2023.3.0.23028 (including) |
| cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:* | 2024.1.0.23997 (including) | 2024.4.1.27687 (including) |
| cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:* | 2025.1.0.27937 (including) | 2025.3.0.35737 (including) |
| cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:* | 2026.1.0.36452 (including) | 2026.1.1.36485 (including) |
| cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:* | 2026.1.1.36485 (including) | |
| cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page



